monodot · January 29, 2017 18:58
diff --git a/amq-ssl-encrypt.sh b/amq-ssl-encrypt.sh
 # FIRST!
 # Make sure Jasypt is installed first in the Karaf container before continuing
 # features:install jasypt-encryption

 # Update these vars as per the environment
 MASTER_PASS=masterpass
 KEYSTORE_PASS=password
 TRUSTSTORE_PASS=password

 # ------

 cd $AMQ_HOME

 # Use the demo keystore and truststore shipped with ActiveMQ
 unzip -j extras/apache-activemq-5.11.0.redhat-630187-bin.zip apache-activemq-5.11.0.redhat-630187/conf/broker.ks apache-activemq-5.11.0.redhat-630187/conf/broker.ts -d etc/

 # Replace openwire with SSL
 sed -i -e 's|name="openwire" uri="tcp://0.0.0.0:0?maximumConnections=1000\&amp;wireFormat.maxFrameSize=104857600"|name="ssl" uri="ssl://0.0.0.0:61617?transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2\&amp;maximumConnections=1000"|' etc/activemq.xml

 # Add sslContext to activemq.xml
 sed -i -e 's|</broker>|    <sslContext> \
              <sslContext \
                   keyStore="${karaf.base}/etc/broker.ks"  \
                   keyStorePassword="${keystore.password}" \
                   trustStore="${karaf.base}/etc/broker.ts" \
                   trustStorePassword="${truststore.password}" \
                   /> \
        </sslContext> \
    </broker>|' etc/activemq.xml

 # Add lovely Jasypt stuff
 cat etc/activemq.xml | tr '\n' '\f' | sed -e 's|<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">\f        <property name="properties">\f            <bean class="io.fabric8.mq.fabric.ConfigurationProperties"/>\f        </property>\f    </bean>|<bean id="environmentVariablesConfiguration" class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig"> \
        <property name="algorithm" value="PBEWithMD5AndDES" /> \
        <property name="passwordEnvName" value="JASYPT_ENCRYPTION_PASSWORD" /> \
    </bean> \
    <bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor"> \
        <property name="config" ref="environmentVariablesConfiguration" /> \
    </bean> \
    <bean id="propertyConfigurer" class="org.jasypt.spring31.properties.EncryptablePropertyPlaceholderConfigurer"> \
        <constructor-arg ref="configurationEncryptor" /> \
        <property name="location" value="file:${karaf.base}/etc/credentials-enc.properties"/> \
        <property name="properties"> \
            <bean class="io.fabric8.mq.fabric.ConfigurationProperties"/> \
        </property> \
    </bean>|' | tr '\f' '\n' > etc/activemq.xml

 # Encrypt keystore/truststore pass and add to properties file
 KEYSTORE_PASS_ENC=$(./extras/jasypt/bin/encrypt.sh input="$KEYSTORE_PASS" algorithm=PBEWithMD5AndDES password=$MASTER_PASS verbose=false)
 TRUSTSTORE_PASS_ENC=$(./extras/jasypt/bin/encrypt.sh input="$TRUSTSTORE_PASS" algorithm=PBEWithMD5AndDES password=$MASTER_PASS verbose=false)
 cat << EOF > etc/credentials-enc.properties
 keystore.password=ENC($KEYSTORE_PASS_ENC)
 truststore.password=ENC($TRUSTSTORE_PASS_ENC)

 EOF

 export JASYPT_ENCRYPTION_PASSWORD=$MASTER_PASS
 ./bin/amq

 # (Optional) use openssl to debug the connection
 openssl s_client -connect localhost:61617 -no_ssl2 -debug
	# FIRST!
	# Make sure Jasypt is installed first in the Karaf container before continuing
	# features:install jasypt-encryption

	# Update these vars as per the environment
	MASTER_PASS=masterpass
	KEYSTORE_PASS=password
	TRUSTSTORE_PASS=password

	# ------

	cd $AMQ_HOME

	# Use the demo keystore and truststore shipped with ActiveMQ
	unzip -j extras/apache-activemq-5.11.0.redhat-630187-bin.zip apache-activemq-5.11.0.redhat-630187/conf/broker.ks apache-activemq-5.11.0.redhat-630187/conf/broker.ts -d etc/

	# Replace openwire with SSL
	sed -i -e 's\|name="openwire" uri="tcp://0.0.0.0:0?maximumConnections=1000\&wireFormat.maxFrameSize=104857600"\|name="ssl" uri="ssl://0.0.0.0:61617?transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2\&maximumConnections=1000"\|' etc/activemq.xml

	# Add sslContext to activemq.xml
	sed -i -e 's\|</broker>\| <sslContext> \
	<sslContext \
	keyStore="${karaf.base}/etc/broker.ks" \
	keyStorePassword="${keystore.password}" \
	trustStore="${karaf.base}/etc/broker.ts" \
	trustStorePassword="${truststore.password}" \
	/> \
	</sslContext> \
	</broker>\|' etc/activemq.xml

	# Add lovely Jasypt stuff
	cat etc/activemq.xml \| tr '\n' '\f' \| sed -e 's\|<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">\f <property name="properties">\f <bean class="io.fabric8.mq.fabric.ConfigurationProperties"/>\f </property>\f </bean>\|<bean id="environmentVariablesConfiguration" class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig"> \
	<property name="algorithm" value="PBEWithMD5AndDES" /> \
	<property name="passwordEnvName" value="JASYPT_ENCRYPTION_PASSWORD" /> \
	</bean> \
	<bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor"> \
	<property name="config" ref="environmentVariablesConfiguration" /> \
	</bean> \
	<bean id="propertyConfigurer" class="org.jasypt.spring31.properties.EncryptablePropertyPlaceholderConfigurer"> \
	<constructor-arg ref="configurationEncryptor" /> \
	<property name="location" value="file:${karaf.base}/etc/credentials-enc.properties"/> \
	<property name="properties"> \
	<bean class="io.fabric8.mq.fabric.ConfigurationProperties"/> \
	</property> \
	</bean>\|' \| tr '\f' '\n' > etc/activemq.xml

	# Encrypt keystore/truststore pass and add to properties file
	KEYSTORE_PASS_ENC=$(./extras/jasypt/bin/encrypt.sh input="$KEYSTORE_PASS" algorithm=PBEWithMD5AndDES password=$MASTER_PASS verbose=false)
	TRUSTSTORE_PASS_ENC=$(./extras/jasypt/bin/encrypt.sh input="$TRUSTSTORE_PASS" algorithm=PBEWithMD5AndDES password=$MASTER_PASS verbose=false)
	cat << EOF > etc/credentials-enc.properties
	keystore.password=ENC($KEYSTORE_PASS_ENC)
	truststore.password=ENC($TRUSTSTORE_PASS_ENC)

	EOF

	export JASYPT_ENCRYPTION_PASSWORD=$MASTER_PASS
	./bin/amq

	# (Optional) use openssl to debug the connection
	openssl s_client -connect localhost:61617 -no_ssl2 -debug